The decentralized finance (DeFi) project Onyx Protocol has fallen victim to an exploit resulting in the loss of nearly $2 million worth of Ethereum (ETH), according to findings by blockchain analytics company PeckShield. This unfortunate incident highlights the ongoing challenges faced by the DeFi ecosystem in terms of security.
Onyx Protocol’s $2 Million Hack
PeckShield, a renowned blockchain security and data analytics company, disclosed the details of the exploit, which amounted to a staggering $2.1 million loss. In a series of tweets, the firm outlined the key aspects of the incident and provided insights into how the exploit occurred. “The Onyx Protocol hack leads to ~$2.1M loss by exploiting a known rounding issue behind the popular CompoundV2 fork,” PeckShield tweeted.
The tweet further added, “Basically, the exploited oPEPE market was deployed 5 days ago without any liquidity. This empty market was abused with donations to borrow funds from other markets with liquidity. The donated funds were then redeemed by exploiting the known rounding issue. Note the same bug was exploited in an earlier #HundredFinance hack with ~$7M loss.”
The breach highlights a significant vulnerability in the Onyx Protocol, which allowed malicious actors to take advantage of the project’s smart contract code, ultimately leading to substantial loss. It is a stark reminder that even DeFi projects built on robust protocols can still face security challenges and vulnerabilities.
PeckShield also reported that the wallet address associated with the Onyx Protocol exploiter now holds a balance of 1,164 ETH, approximately equivalent to $2.1 million. Furthermore, the exploiter has taken action to move the stolen funds to a new wallet address, as PeckShield reported in another tweet: “Onyx Protocol Exploiter has moved the stolen funds (~$2.1M) to a new address 0x4C9C…0c98.”
In an effort to obfuscate the origins of the stolen funds, the exploiter has also reportedly laundered 100 ETH using TornadoCash, a privacy-focused Ethereum mixer, as noted by PeckShield. As of now, the Onyx Protocol team has not released an official statement addressing the incident. The community and DeFi enthusiasts are eagerly awaiting further details on the breach and the steps that will be taken to mitigate its impact.
This incident serves as a stark reminder of the ongoing security challenges within the DeFi space. While DeFi offers numerous benefits and opportunities, it also comes with a higher degree of risk, and developers and projects must remain vigilant in identifying and addressing vulnerabilities in their code to prevent such exploits in the future.